DEBIAN-CVE-2022-23467
- Source
- https://security-tracker.debian.org/tracker/DEBIAN-CVE-2022-23467
- Import Source
- https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2022-23467.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2022-23467
- Upstream
- Published
- 2022-12-05T20:15:10Z
- Modified
- 2025-09-19T07:32:13.027162Z
- Summary
- [none]
- Details
-
OpenRazer is an open source driver and user-space daemon to control Razer device lighting and other features on GNU/Linux. Using a modified USB device an attacker can leak stack addresses of the
razer_attr_read_dpi_stages, potentially bypassing KASLR. To exploit this vulnerability an attacker would need to access to a users keyboard or mouse or would need to convince a user to use a modified device. The issue has been patched in v3.5.1. Users are advised to upgrade and should be reminded not to plug in unknown USB devices. - References
Affected packages
Debian:11 / openrazer
Package
- Name
- openrazer
- Purl
- pkg:deb/debian/openrazer?arch=source
Debian:12 / openrazer
Package
- Name
- openrazer
- Purl
- pkg:deb/debian/openrazer?arch=source
Debian:13 / openrazer
Package
- Name
- openrazer
- Purl
- pkg:deb/debian/openrazer?arch=source
Debian:14 / openrazer
Package
- Name
- openrazer
- Purl
- pkg:deb/debian/openrazer?arch=source